SSL3_READ_BYTES erron on connecting via PHP cURL

Question

My code generates:

error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

$ch = curl_init('https://*************.org/');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
//curl_setopt($ch, CURLOPT_SSLVERSION,3);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,2);
//curl_setopt($ch, CURLOPT_SSLVERSION, 3);
//curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'SSLv3');
//url_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
//curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'RC4-SHA');
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1)  ;
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

curl_exec($ch);
if(curl_errno($ch))
{
     echo 'error :' . curl_error($ch);
};

PHP version: 5.5.6
cURL version: 7.21.0
SSL version: OpenSSL/0.9.8o

PussyTorrents does not have a valid SSL certificate, or the certificate is not using the correct protocols you are defining in your CURL request. — Martin

Jyo de Lys Jyo de Lys · Accepted Answer · 2015-10-07T12:27:32

It seems the website you are trying to connect to only supports ECDHE-ECDSA cipher suites: you can check it here.

It appears that OpenSSL 0.9.8 does not support Elliptic Curve cryptography:

./openssl098/openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

It can be fixed by updating OpenSSL.

SSL3_READ_BYTES erron on connecting via PHP cURL

1 Answers